W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2020

Re: [webauthn] clientDataJSON sent to authenticator? (#1442)

From: Nick Steele via GitHub <sysbot+gh@w3.org>
Date: Thu, 18 Jun 2020 00:37:45 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-645699784-1592440664-sysbot+gh@w3.org>
> confused why under 5.2. Authenticator Responses it says
`This attribute contains a JSON serialization of the client data passed to the authenticator by the client in its call to either create() or get().`

This could definitely be made clearer.

> why (for registration) `pubKeyCred.response.clientDataJSON` gets its value from `credentialCreationData.clientDataJSONResult` instead of `clientDataJSON`
Because, for brevity's sake, it should be kept in bytes until needing to be unpacked by the RP

The references that you list (one of which I am an author of and will update) are somewhat simplifying what occurs I think: the authenticator does indeed only request the `clientDataHash` rather than a byte-serialized version of the `ClientDataJSON`. 

GitHub Notification of comment by nicksteele
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1442#issuecomment-645699784 using your GitHub account
Received on Thursday, 18 June 2020 00:37:47 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:41 UTC